Problems in Building A VPN

ciscomoderator
Community Manager

(Note: This message was posted as part of the "Ask the Expert" Event on configuring Cisco IPSec VPNs that took place December 11 - December 21. Feel free to respond to or form discussions around this question.)

Posted by: rspiandorello – SPIANDORELLO

I'd like to know if I can have problems in building a VPN between PIX firewalls that don't use the Internet connection on the outside interface for the VPN channel, but use a backbone with routers placed in their DMZ interfaces for the VPN channel.

Thank you

Renato


smahbub
Level 6

I’m not very clear on your topology but I can tell you that IP in a private network functions identically to IP in a public network. In fact it actually functions better because you have more control over a private network. I think with current PIX code you can terminate your tunnels on the perimeter interfaces but you can definitely tunnel through it and terminate on other devices as well. How many interfaces do you have up on the PIX? Where are the tunnels terminating?

I have 2 PIX firewalls with 3 interfaces: inside, outside (with Internet connection) and DMZ interfaces.

I have to build a VPN that terminates on the 2 PIX DMZ interfaces. I have a leased line that connects 2 routers that are in the 2 DMZ PIX LANs, so the PIXes can communicate over that private channel.

Thank you

Renato

I think that topology looks fine. You should be able to terminate your VPNs through the perimeter interfaces on the respective PIXes as long as you are running current code. I’d check to see what version you have because some of the earlier ones don’t have perimeter support. Let me know if this helps you out.

ozan.ocal
Level 1

Renato,

It really does not matter if you set up the VPN either through the public network (Internet) or by any other means. The media in between is just transport media. As long as you have an "IP environment" you can build a PIX-to-PIX VPN.

No problem....
